Editorial: Privacy is paramount, but enough with the inquisitions already

Oy vey! According to a report from Reuters (via Phonescoop), U.S. Sen. Charles Schumer, D-N.Y., has called for the Federal Trade Commission to investigate "reports that applications on the Apple Inc and Google Inc mobile systems steal private photos and contacts and post them online without consent."

OK, folks. Let's see if we can't explain this again. There was a report in the New York Times that exposed a flaw in iOS that lets applications have full access to an iPhone or iPad's Camera Roll (the equivalent of the Android "Gallery") if said application has access to GPS location. It's not that apps can't have access to images, it's just that the way they're going about it here is in violation of the iOS terms of service, and Apple's fixing it, as it does with other bugs. And as we've previously told you, it has absolutely nothing to do with Android.

Google's mobile operating system treats photos taken by your phone the same way your desktop or laptop would, whether it runs Windows, Linux -- or, yes, Apple's own Mac OS. They're files, saved to wherever it is you save your files. No more, no less. And any program on your computer -- application, if you like -- has full access to these files. And, no, you didn't have to check some big flashing light that said "Hey! I have full access to your computer because you put me on it, or I was preloaded, or whatever!" And you've been perfectly cool with this for as long as you can remember.

But being a perfectly normal operating system with a perfectly normal and acceptable file system isn't good enough these days. And, so, says Sen. Schumer, in the case of iOS apps uploading contacts without explicit permission, "these uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app's functionality."

Now, we're willing to bet that a "reasonable user" -- by the way, those "reasonable users" are folks like you and me -- actually doesn't understand a damn thing that goes on inside a file system, or permissions, or Microsoft's UAC, or whatever. And that they haven't cared for the years that they've been using the computers that treat these files exactly the same way as Android does today. But we're in a different time, when it's better to have hearings than it is common sense when it comes to issues of privacy.

Apple already has taken steps to fix the unauthorized uploading of contact lists, as well as the flaw that would give apps a backdoor to the camera roll. But that hasn't stopped the inquisition.

Here's how it might go down:

Sen. Schumer: "So, let me get this straight. These applications -- I believe they're also called "apps" -- were uploading entire contact lists without permission, in violation of your terms of service?"

Apple: "Yes. We blew it. And we've put a stop to it."

Sen. Schumer: "Oh. That's good. But what about where an application that otherwise wouldn't have access to photographs taken on the iPhone could get to them by simply having access to GPS data?"

Apple: "We're fixing that, too."

Sen. Schumer: "Glad to hear it. What about you, Google? What say you?"

Google: "You're asking about bugs in iOS, senator. We're Google, not Apple. Android is not iOS."

Sen. Schumer: "So your applications can't share pictures?"

Google: "Of course they can. But they tell you that when you install them."

Sen. Schumer: "Oh. I skipped that part."

Google: "I'm sorry to hear that, senator."

Sen. Schumer: "Perhaps there should be more warning."

Google: "We also list an app's permissions in its market listing. You can read it on the Android Market on your smartphone, or from a web browser."

Sen. Schumer: "But what if a rogue app gets on my phone?"

Google: "Stay out of weird Chinese app stores. Or don't sideload applications. We have protections in place for that, too."

Sen. Schumer: "But any application can get to pictures I save, correct?"

Google: "Senator, do you have a laptop?"

Sen. Schumer: "Yes."

Google: "You do know that every program -- application -- installed on your laptop can access any file you save to your laptop, right? That's how most file systems work. Did you explicitly give it permission to do so? Because that's what you're complaining about here. It's the exact same thing. Only, Android apps tell you what they have permission to do before they ever do them."

This sort of thing certainly isn't limited to the United States. Channel 4 News in the UK did its own hit piece this week. Its source is a single security company, targeting a single ad network, and the story contains nary a single quote from Google. Not one.

I've only been a professional journalist for a dozen years now, but I'm pretty sure that's not how you do things. At least, it's not how you do them well.

But that didn't stop Channel 4 from showing its "findings" to the VP of the European Commission, who's already on the warpath. What these "findings" are we're not really sure, because other than showing a few code strings on air, neither Channel 4 nor its single security source says which apps are suspect. In fact, neither says the apps themselves are suspect, just that "We found that a lot of the free applications in the top 50 apps list are using advertising inside the applications, and that the permission that you grant to these applications is also granted to the advertiser."

Yes. The app that you already gave access to your phone uses in-app advertising. How, exactly, do these people think these ads work? By guessing what you're interested in?

The EU VP, Viviane Reding, is quoted as saying "This really concerns me, and this is against the law because nobody has the right to get your personal data without you agreeing to this."

We're not really sure what, exactly, Reding believes is against the law and concerns her, because, again, we don't actually see any suspect applications. (And, frankly, seeing lines of code concerns me, too, which is why I don't do code for a living.)

To borrow a line from Rene Ritchie, our smartphones are like appliances -- say, a vacuum. I have a basic understanding of how it works, but I really don't care about RPMs or belt tension or whatever else it does to keep stuff in that little vacuum bag where it belongs. I don't want to know. I just want it to work. Same goes for smartphones. You shouldn't have to understand or be aware of every bloody intent in every line of code that's going on behind the scenes. Don't want to know. Don't need to know.

Nobody's denying that privacy is important. Nobody's saying that security shouldn't be an issue. Both are of ever-increasing importance. And we need to be able to trust our app developers, as well as the developers of operating systems that ultimately are responsible for keeping our private parts private. If our lawmakers want to keep an eye on things, that's great. But they need to at least have some basic understanding of how things work before speaking out loud. (And it certainly can be argued they have better things to be keeping an eye on.) And this goes double for the media. For better or worse, people believe what they see on TV.

This also means education of the issues is just as important. Otherwise, we'll all be legislated back into the feature phone era, and that's not good for anyone.

Will it come to that? Probably not. But the likes of Reuters and the UK's Channel 4 -- prime outlets for proper mass media education -- aren't exactly doing anyone any favors here. Are there bad apps out there? Sure. Do bugs and loopholes happen? Absolutely. Do Google and Apple and Microsoft and RIM do their darndest to keep your info secure? You betcha. To suggest otherwise is as irresponsible as it is ridiculous.

I don't know, I personally think it would be awesome to speak in front of the Senate. Also more entertaining would be getting kicked out because you called all the Senators idiots and worse. Can they arrest you for contempt of senate or something? Because that would definitely be paperwork I would want to save and frame on a wall somewhere.

Personally I think it's really more you that doesn't get it... privacy for the masses is more important than you suggest. And your description of Google/Android behaving the same way my desktop does is totally inaccurate.

When I install Outlook on my desktop, it doesn't automatically get blanket permissions now and forever unless I specifically set it up to... in order to use most apps on android, or ios for that matter, I have to surrender certain privacy permissions. With most desktop programs, who gets what is typically a case by case option decided by me when I use the program. That's the part that's missing in Android.

And it's plain wrong that it functions the other way around. I personally applaud any effort to prevent corporations... or the government from infringing on my privacy... they both got to the size they are on the backs of my... and your, information, they can bloody well get rich on my terms, not theirs.

And I do agree with The Senator in that most users have no idea the extent to which they are handing over information and tracking. Sometimes the ignorant need someone to watch out for them, not just watch them.

Wait... what?
You think Outlook can't access any files it wants?
Really?
What do you use to sandbox it?
Because I can write up a program that will list all the contents of any file on your OS in about 30 seconds. It doesn't NEED your permission to access a specific file. Once you start it, it can go wherever it wants.
And yes, Outlook (or any other program) can do anything it wants on your OS until you delete it. Now, it WON'T go look at just any file until you tell it to do so because MS isn't a virus/malware company (really, despite what many Linux/Mac users will tell you, it isn't :)). But just because it WON'T doesn't mean it CAN'T.

"When I install Outlook on my desktop, it doesn't automatically get blanket permissions now and forever"

You're an idiot. Stop typing and go play in the street. There's no such thing as "permissions" on your desktop computer. When you install Outlook or any other piece of software on your computer, it has access to every file on every drive connected to your computer. It also has unrestricted access to every piece of hardware inside your computer or connected externally to your computer. The only exception to this is internet access if you have a firewall turned on. In that case, you're asked one time if the software is allowed to access the web. After you say yes that one time, it has complete, unrestricted access to do everything and anything it wants to do online.

"With most desktop programs, who gets what is typically a case by case option decided by me when I use the program."

Again, you're an idiot. Alternately, you're lying. One of these two things must be true because your statement is completely false.

This one isn't nearly as bad as the elected Congressman from Georgia, D-Hank Johnson, was trying to act intelligent while grilling a Navy Admiral about Guam and its population capacity... you have got to look that one up on YouTube if you haven't seen it before.

Ok. Not to troll, but this is becoming one of my pet peeves lately with all the "sky is falling" privacy conversations we're having lately:

"facebook admitted to reading text messages off of your mobile phone"

Facebook is an inanimate object. Saying that Facebook reads your text messages is like saying that your cell phone "reads" your text messages. It certainly has access to them. It might even scan them looking for certain words (we all know already that Google has software that does that for determining which ads to show you) but this isn't the same thing as a *human being* who *works* for Facebook or Google reading your text messages.

An automated electronic system "scanning" your messages for certain words is not the same thing as having your private communication "read". Phrasing it that way just makes people start running in circles while screaming in panic and it drives me nuts.

These companies are *not* trying to violate your privacy, people. Why in god's name would they? Again, nobody cares what you did last night, or wants to see you sexting your girl/boy friend. And if the Facebook app is "scanning" your SMS messages, you gave it permission to access them, so...

While it is true that a great number of elected officials are morons, who is the biggest moron of all, the one that despite being a certified idiot manages to get elected to office, or the people who after witnessing their stupidity in office, keep electing them time and time again...

Wake up America, purge the Kool-Aid you've been fed all these years and start dumping all the morons in office (both R and D), and start selecting smarter ones with a firm alliance to Country rather than party.

Fact is both the aforementioned classes have done plenty to earn the public's distrust, and just because Congress isn't full of it people doesn't mean they should give Apple or anyone else in the industry a pass.

Nobody's denying that privacy is important. Nobody's saying that security shouldn't be an issue. Both are of ever-increasing importance. And we need to be able to trust our app developers, as well as the developers of operating systems that ultimately are responsible for keeping our private parts private. If our lawmakers want to keep an eye on things, that's great. But they need to at least have some basic understanding of how things work before speaking out loud. (And it certainly can be argued they have better things to be keeping an eye on.) And this goes double for the media. For better or worse, people believe what they see on TV.

Thank you for proving my point Phil. Your bias is reflected in this and most of your other postings over the last 6 months.

Your entire position is that anyone who doesn't fully understand the underlying technology should shut up. By your faulty logic, BP shouldn't be accountable for the spill in the gulf because they know oil and drilling and all the players involved pointed their fingers at one another. Congress should just shut up because they aren't oil insiders or drillers or rig operators.

Google is not my friend. Apple is not my friend. App developers are not my friend. They provide services, I choose whether or not to consume them. When their market capitalizations are greater than the most evil industries in the world, I fail to see how you can give them a pass and put the shoulder of burden on Congress.

His position is not that people should "shut up" but that they should take a deep breath and find out what the issue really is before they go thermonuclear panic.

He's not saying that people who don't understand the underlying technology don't get a voice. He's saying that people who are in a position that makes them trusted and looked up to should do a little research before they release false or misleading information and not just yell "fire" in the theater because they heard someone else say it felt a little warm.

If even imaginary Google in the imaginary hearings believes apps need a permission to read your SD card when they actually don't, wouldn't that go "beyond what a reasonable user understands himself to be consenting to"?

Everyone in the comments of the other post seemed to be persuaded that only apps with a certain permission can access your photos. That is incorrect. Every single Android app can access all the files on your sd card without any permission.

Instead of being an apologist a-hole, it could be gently explained on a technical level why this happens with SD cards. They might not understand why things are the way they are, but I'm certainly glad at least somebody's paying attention to privacy matters, accurate or not. You know, as long as people don't think they can legislate technical impossibilities after hearing the explanation (SOPA, anyone?).

First, with the near passing of SOPA/PIPA, it's absolutely vital that congresscritters get some actual expert advice on technical issues before blithely accepting what lobbyists write up for them to pass. Likewise, they should absolutely do at least a minimum amount of fact checking before calling companies to a hearing.

Both those statements depend on the idea that our legislators are actually interested in good governance and protecting their constituents, rather than securing re-election funding/lucrative consulting jobs and getting press time.

Portions of this page are modifications based on work created and shared by the Android Open Source Project
and used according to terms described in the Creative Commons 2.5 Attribution License. AndroidCentral is an independent site
that is not affiliated with or endorsed by Google.